A major South Korean ISP is accused of installing malware on over 600,000 customers’ PCs to curb torrent traffic, raising concerns about user privacy and ethical business practices.
A major South Korean internet service provider (ISP) is facing accusations of installing malware on over 600,000 customers’ PCs. The incident, first reported by the Korean news agency JTBC, targeted users of Webhard, a popular file-sharing service in the country.
Reportedly, Webhard customers began experiencing issues in May 2020, including slow transfer speeds, corrupted files, and even disabled computers. Initially, Webhard was suspected of wrongdoing, leading to a surge in user complaints.
However, an in-depth investigation by JTBC reportedly found evidence that one of the country’s leading ISPs, KT (formerly Korea Telecom) was actively deploying malware onto subscribers’ computers via dedicated teams in malware development, distribution, operation, and wiretapping sections.
This malware specifically targeted Webhard users, interfering with their file transfers and causing the reported issues. The exact method of distribution remains unclear, but a systematic approach by KT is evident from the widespread impact of this tactic.
The motivations behind KT’s alleged actions are supposedly related to curbing torrent traffic on their network. TorrentFreak reports that filesharing in South Korea remains popular, with Web Hard Drive (Webhard) services being particularly popular.
Webhard offers dedicated web seeds and relies on the BitTorrent-enabled peer-to-peer file sharing-based ‘Grid System,’ which ISPs criticize due to the costliness of high bandwidth usage associated with torrent transfers.
For your information, Webhard and KT have conflicts with the Grid Service. While Webhard claims it saves billions of Korean Won by allowing users to use peer-to-peer services for data storage/transfer, KT argues that this practice strains their network. Both companies went to court, which ruled in KT’s favour. However, instead of blocking IP addresses, KT installed malware on Grid Service users, causing problems for users.
The news has sparked outrage in South Korea for violating customer trust and potentially exposing users to malware. The Gyeonggi Southern Police Agency has seized KT’s data center and headquarters, suspecting potential violations of the Communications Secrets Protection Act and the Information and Communications Network Act. Depending on the findings, KT could face legal repercussions for its actions.
ISP and Malware
This is not the first time an ISP has been accused of installing malware on its customers’ devices. In June 2022, Google’s Threat Analysis Group (TAG) reported that ISPs in Italy and Kazakhstan were assisting spyware vendors in installing malware to target mobile users on both iOS and Android.
Nevertheless, this incident highlights the importance of transparent and ethical practices by ISPs. Customers deserve to have control over their internet usage and be protected from malicious software. Although it can put a strain on an ISP’s bandwidth, resorting to malware to tackle this issue is a highly unethical and potentially illegal tactic.